Chapter 7 Securing Information Systems

Size: px
Start display at page:

Download "Chapter 7 Securing Information Systems"

Transcription

1 1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita, Kansas. The BTK killer first struck in 1971 with the murder of four members of a Wichita family in their home and committed his last in this early period murder in He then resurfaced between March 2004 and February 2005, sending a letter to a local news paper and eventually a floppy disk to the city police department. The disk contained a file labeled "Test A.RTF" with the message "This is a test." Additional investigation found that the disk was opened in computers at Wichita's Christ Lutheran Church and the file was last saved by a user named "Dennis." This information led police to Dennis Rader, president of the congregation, who was proven via DNA analysis and examination of Rader's computer to be the BTK killer. Computer forensics played an important role in breaking this case. What Is Computer Forensics? Computer forensics is the scientific collection, examination, authentication, preservation, and analysis of digital data so that the information can be used as evidence in a court of law. Both local and federal law enforcement agencies use computer forensics to gather evidence for criminal cases or to obtain more information about a suspect. Large corporations may hire a computer forensics expert to monitor employee computer activities to make sure employees are not leaking sensitive or critical company information or using company computer resources in harmful ways. Computer forensics can be an indispensable tool in divorce cases where one party may be trying to conceal or secretly transfer wealth, or there is suspicion of infidelity or other conduct that would constitute "fault" in divorce proceedings. The divorce discovery process will be looking for digital evidence such as names and addresses of financial institutions, fund transfers, hidden accounts, real estate holdings, debt information, account activity, and and instant message communication with other people. The party that fails to disclose an asset during the divorce process may be required to pay attorney's fees and turn over the asset to the other party or to the court in a receivership proceeding, in addition to losing credibility in the divorce proceeding as a whole. For instance, computer forensics facilitated the discovery of records related to a family-owned business. The profit and loss statements and general ledgers for a fouryear period provided by the spouse that operated the business appeared to minimize corporate assets and income. A forensic analysis of the computer system where the records were stored showed that a program designed to erase data was downloaded and used to remove items from the hard drive shortly before the computer was turned over to the forensic examiner. The forensic examiner additionally determined that the financial records that had been provided by the spouse had been generated by a program version that was not in use at the time the records were purportedly created. As a result, the court concluded that the records had been modified and imposed a sanction against the spouse that had provided the records.

2 Computer forensics requires specialized expertise and tools that go beyond the normal data collection preservation techniques employed by end users and information systems departments. This field also requires legal knowledge because digital evidence must adhere to the standards of evidence that are admissible in a court of law. Before performing an investigation, the examiner must make sure he or she has the legal authority to search for digital data. Computer forensics experts perform a variety of tasks: Identify sources of digital or documentary evidence Preserve the evidence Analyze the evidence Present the findings. Digital Evidence Digital evidence consists of any information stored or transmitted in digital form that can be used in court for either criminal or civil cases. Digital evidence can be found in , voice mail, instant messaging, Web browsing histories, digital photographs and video, computer disk drives, CDs, DVDs, USB storage devices, ipods and MP3 players, smart phones, cell phones, pagers, photocopiers, fax machines, and Global Positioning System (GPS) tracks. is now a primary means of communication and a major source of digital evidence. This evidence may be found in the body of the or in an attachment. E- mail data may be stored on a local hard drive, a network device, a dedicated mail server, or a removable device, and the forensic examiner will search all of these devices. All messages generate headers attached to the messages that contain valuable information such as the time the message was sent, identities of sender and recipient, and the sender's domain name. The headers may contain "reply to" information that allow threads to be reconstructed. The high volume of makes it difficult for an examiner to search each message. Forensic experts typically will make copies of s and attachments and look for incriminating evidence using keyword searches. Computer forensics specialists are often called in to recover data that has been deleted from a device. Many computer users do not realize that there are tools for recovering data on a computer hard drive after a file has been deleted. In addition to recovering "deleted" files, computer forensics specialists can examine local network connections to gather evidence from data transmissions or uploads of files. Obtaining Digital Evidence CHAPTER 7: Learning Track 3 2 Like any other piece of evidence used in a legal case, the information obtained by a computer forensics investigation must follow the standards of admissible evidence in a court of law. Those presenting electronic evidence must be able to demonstrate the reliability of the computer equipment, the manner in which the basic data were initially entered, measures taken to ensure the accuracy of the data as entered, the method of storing the data, precautions taken to prevent its loss, and the accuracy and reliability of the computer programs used to process the data. If the individual who generated the digital evidence has not consented to having his or her computer system examined, the computer forensics expert must make sure that he or she has the legal authority to seize, examine, and image the individual's computer devices. The computer forensics investigator needs to document all work done to a com-

3 puter and all information found. An investigator who uses a faulty procedure may invalidate all the digital evidence collected. To make sure evidence is not lost, destroyed, or compromised, the following guidelines should be followed: 1. Only use tested tools and methods that have been tested and validated for accuracy and reliability. 2. Handle the original evidence as little as possible to avoid changing data. 3. Document everything done. 4. Establish and maintain a chain of custody. 5. Never exceed personal knowledge Unless it is completely unavoidable, digital evidence should not be analyzed using the same machine from which it was collected. Instead, forensic image copies of the contents of computer storage devices (primarily hard drives) are made. If a machine is suspected of being used for illegal communications, such as terrorist traffic, important information may not be stored on the hard drive. Several Open Source tools are available to analyze open ports, mapped drives, or open encrypted files on the live computer system. These stools can also scan RAM and Registry information to show recently accessed Web-based sites and the login/password used to access these sites or recently accessed local applications such as MS Outlook. The Registry is a database used by the Windows operating system to store configuration information, such as settings for hardware, system software, installed programs, and user preferences. This information may help a forensic investigation by showing, for example, whether someone tried to uninstall a program. It is possible that the expert trying to analyze a live computer system will make changes to the contents of the hard drive. During each phase of the analysis, the forensic examiner needs to identify the information that will be lost when the system powers down, balancing the need to potentially change data on the hard drive with the evidentiary value of the perishable data. When a live analysis is being conducted, data that are most likely to be modified or damaged first must be captured first. So the examiner will first inspect data in network connections, followed by analysis of running computer programs, then the contents of RAM, which may include information on all running programs, recently run programs, passwords, encryption keys, personal information, and system and program settings. Next operating systems will be examined, including user lists, currently logged in users, system data and time, currently accessed files, and current security policies. Finally, the hard drive will be imaged to create an exact duplicate. Forensic examiners can completely duplicate an entire hard drive using a standalone hard drive duplicator or software imaging tools such as DCFLdd or IXimager, storing the duplicate on another hard disk drive, a tape, or other media. The original drive will be moved to secure storage to prevent tampering and some type of hardware write tool will be used to ensure the original hard drive cannot be written on again. Table 1 shows some of the leading software tools used for these activities. Careers in Computer Forensics Computer forensics is a blossoming field, given the increasing amount of public discussion and legislation aimed controlling computer crime, identity theft, data leakage, and data protection. The FBI anticipates that nearly fifty percent of its criminal cases will involve computer forensics work in the future. The nature of crime itself is changing as criminals learn how to exploit weaknesses in computers, networks, and their CHAPTER 7: Learning Track 3 3

4 CHAPTER 7: Learning Track 3 4 TABLE 1 DIGITAL FORENSIC SOFTWARE TOOLS SOFTWARE TOOL EnCase Forensics DCFLdd AccessData Forensic Toolkit Mailbag Assistant IsoBuster IX Imager Paraban Device Seizure SMART Helix DESCRIPTION Comprehensive tool capable of performing both file imaging and analysis, and analyzing and documenting multiple formats. Open source tool that is often used to create bitstream image files of media as part of a forensic acquisition process. Can hash data as it is being transferred, helping to ensure data integrity, verify that a target drive is a bit-for-bit match of the specified input file or pattern, and output to multiple files or disks at the same time. Performs imaging, decryption, and analysis, supporting many file and imaging formats. Tools for searching, organizing, and analyzing in many different formats. Data recovery tool for examining CDs and DVDs. Works with multiple CD and DVD file formats and CD image files. Is capable of viewing and accessing data on CDs and DVDs from both open and closed sessions, thereby displaying data which may not be readily accessible by other forensic software tools Linux-based digital media acquisition tool, with the ability to compress and/or encrypt image files and provide imaging accuracy in the face of damaged media, hidden geometries, and under adverse conditions. Works with devices that otherwise cannot be imaged in a Windows environment, include USB devices, server RAID systems, and tape. Provides deleted data recovery and full data dumps of certain cell phone models Software utility that can acquire data from digital devices and clone it to any number of images and devices simultaneously. Able to recover deleted data and interpret file system metadata, and to perform an on-site or remote preview of a target system. Includes more than 35 tools for incident response and forensic analysis, including tools for wiping data from disks, recovering data from slack space, and viewing the Windows Registry. business applications in finance and accounting. Computer forensics professionals are referred to by many titles, including computer forensics investigator, digital forensics detectives, and digital media analysts. All these jobs deal with the investigation of digital media. A computer forensics investigator is responsible for collecting and evaluating data stored or encrypted on digital media or for recovering data that have been deleted from a computer device. The investigator is also charged with securing the data and

5 ensuring they are not accidentally damaged during an investigation. Once the investigation is complete, the computer forensics investigator will write a detailed report describing the findings of the investigation. Computer forensics investigators work with law enforcement agencies, large corporations, or consulting firms or they operate on their own as freelance consultants to businesses that do not need or cannot afford a full-time computer forensics professional. A computer forensics director is typically responsible for managing a team of computer forensics investigators in a law enforcement agency, large corporation, or computer forensics consulting firm. Computer forensics directors must have good management skills and are responsible for ensuring that all legal procedures and company policies are carefully followed. This position generally requires a bachelor's degree, usually in management, computer security, criminal justice, or computer forensics. The salary for computer forensics professionals ranges for $85,000 to $120,000 per year, with salaries at private companies usually higher than those in law enforcement. Computer forensics directors typically earn salaries in the range of $120,000 to $160,000. The two most common certifications for computer forensics investigators are the Certified Information Systems Security Professional (CISSP) and the Certified Computer Examiner (CCE). The CISSP is offered by the International Information Systems Security Certification Consortium, or ISC. To be certified, individuals must pass a six-hour CISSP examination. Candidates for the CISSP exam should have at least four years of professional experience in information security or a college degree and three years of experience. The Certified Computer Examiner (CCE) certification demonstrates competency in computer forensics. The CCE credential is offered by the International Society for Computer Examiners (ISFCE). To qualify for the CCE, candidates should have at least 18 months of professional experience or documented training, pass an online examination. and perform a forensic examination on at least three "test media." Digital Forensic Degree Programs Many computer forensics professionals acquire expertise while on the job in law enforcement and computer security positions, but formal education is becoming more necessary as a requirement for these positions. There are computer forensics certificate programs for people who already have some career knowledge. People with no law enforcement or security background can pursue an associates' degree, a bachelors' degree or a masters degree programs in computer forensics. For positions such as forensic team leaders or bureau supervisors, a graduate degree is desirable. All computer forensics specialists must have a solid comprehension of the law. They must understand how to properly and legally handle evidence and how to use a variety of methods for evidence discovery and retrieval. Computer forensics specialists will need knowledge of computer systems and programs and how to retrieve information from them. Computer forensic degree programs offer courses in business and criminal law along with course work in computer systems and programs and courses in technical writing and public speaking. Many of these degree programs require completion of an internship with local agencies or computer forensics professionals prior to graduation to provide real-world working experience. The associate's degree in computer forensics is a two year study program that includes courses in cybercrime, intrusion detection systems, and legal basics, along with courses in technical writing, algebra, and public speaking. The bachelor's degree in computer forensics is a four-year program providing computer forensics knowledge along with general education. Graduates typically take courses in criminal law, computer operating systems, and intrusion detection systems CHAPTER 7: Learning Track 3 5

6 CHAPTER 7: Learning Track 3 6 along with courses in technical writing, economics, and statistics. A few colleges and universities, such as Utica College of Syracuse University, Keiser University, and Marymount University in Arlington, Virginia, offer bachelor's degree programs in computer forensics. Many more colleges are planning new programs in computer forensics. Master's degree programs in computer forensics are typically pursued by law enforcement and computer security professionals who have already earned bachelor's degrees. These programs require course work in digital forensics, computer security and fraud analysis. Educational institutions offering a computer forensics master's degree include the University of Central Florida, John Jay College of Criminal Justice, Marshall University, and the University of East London.

Overview of Computer Forensics

Overview of Computer Forensics Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National

More information

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1 MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:

More information

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations

More information

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820 Page 1 of 5 DAKOTA COUNTY Employee Relations Administration Center, 1590 Highway 55 Hastings, MN 55033-2372 651.438.4435 http://www.dakotacounty.us INVITES APPLICATIONS FOR THE POSITION OF: Electronic

More information

Hands-On How-To Computer Forensics Training

Hands-On How-To Computer Forensics Training j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE

More information

Digital Forensics. Larry Daniel

Digital Forensics. Larry Daniel Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters

More information

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Digital Forensics Tutorials Acquiring an Image with FTK Imager Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,

More information

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics Introduction to Network Security Comptia Security+ Exam Domain 5 Computer Forensics Computer Forensics Forensics relates to the application of scientific knowledge and method to legal problems Investigating

More information

Computer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit

Computer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office davepet@cops.org The purpose of this document is to provide computer forensic technicians

More information

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL)

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching

More information

Computer Intrusion Forensics Literature Review

Computer Intrusion Forensics Literature Review Computer Intrusion Forensics Literature Review Nathan Balon CIS 544 October 20, 2003 Title Computer Forensics: Incident Response Essentials by Warren G. Kruse II and Jay G. Heiser Reviewed by Nathan Balon

More information

Digital Forensics for Attorneys Overview of Digital Forensics

Digital Forensics for Attorneys Overview of Digital Forensics Lars Daniel,, EnCE, ACE, CTNS Digital Forensic Examiner Digital Forensics for Attorneys Overview of Digital Forensics Digital Forensics For Attorneys Overview of Digital Forensics Types of Digital Evidence

More information

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014 Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,

More information

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis

More information

Digital Forensics. Dr. Vic Fay-Wolfe Department of Computer Science University of Rhode Island

Digital Forensics. Dr. Vic Fay-Wolfe Department of Computer Science University of Rhode Island Digital Forensics Dr. Vic Fay-Wolfe Department of Computer Science University of Rhode Island Topics What is Digital Forensics? Cases Digital Forensics Practice Algorithms and Computer Sci Digital Forensics

More information

EC-Council Ethical Hacking and Countermeasures

EC-Council Ethical Hacking and Countermeasures EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES BDO CONSULTING FORENSIC TECHNOLOGY SERVICES MARCH 2013 AGENDA Introduction About BDO Consulting Computer Forensics & E-Discovery Practice Current Trends Case Studies Q&A Page 2 Michael Barba Managing Director,

More information

Chapter 15: Computer Security and Privacy

Chapter 15: Computer Security and Privacy Understanding Computers Today and Tomorrow 12 th Edition Chapter 15: Computer Security and Privacy Learning Objectives Explain why all computer users should be concerned about computer security. List some

More information

Universität Mannheim Praktische Informatik I

Universität Mannheim Praktische Informatik I Universität Mannheim Praktische Informatik I 21.03.2007 Examining and imaging data on running systems using LiveWire" Steven W. Wood Master of Science (Florida Institute of Technology) ALSTE Technologies

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

COMPUTER FORENSICS FOR THE CLAIMS HANDLER

COMPUTER FORENSICS FOR THE CLAIMS HANDLER COMPUTER FORENSICS FOR THE CLAIMS HANDLER Presented and Prepared by: James C. Feehan, Jr. Peoria Computer Forensic Associates, LLC EnCE Digital Forensic Specialist 866.938.4041 James@PeoriaComputerForensics.com

More information

CCE Certification Competencies

CCE Certification Competencies CCE Certification Competencies May 10, 2012 Page 1 The Certified Computer Examiner (CCE) has evolved into one of the most desired certifications in the computer forensics industry. The certification is

More information

About Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics

About Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics Larry E. Daniel, EnCE, DFCP, BCE Digital Forensic Examiner Digital Forensics for Attorneys An Overview of Digital Forensics About Your Presenter EnCase Certified Examiner (EnCE) Digital Forensics Certified

More information

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Digital Forensics: The aftermath of hacking attacks AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Topics Digital Forensics: Brief introduction Case Studies Case I:

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene

More information

Computer Forensics. Liu Qian, Fredrik Höglin, Patricia Alonso Diaz. Uppsala University 2007-10-08

Computer Forensics. Liu Qian, Fredrik Höglin, Patricia Alonso Diaz. Uppsala University 2007-10-08 Computer Forensics Liu Qian, Fredrik Höglin, Patricia Alonso Diaz Uppsala University 2007-10-08 Outline This PM will give a brief overview of the field of computer forensics, including background, definitions,

More information

Digital Forensics, ediscovery and Electronic Evidence

Digital Forensics, ediscovery and Electronic Evidence Digital Forensics, ediscovery and Electronic Evidence By Digital Forensics What Is It? Forensics is the use of science and technology to investigate and establish facts in a court of law. Digital forensics

More information

Best Practices for Incident Responders Collecting Electronic Evidence

Best Practices for Incident Responders Collecting Electronic Evidence Best Practices for Incident Responders Collecting Electronic Evidence rev. April 2013 Prepared by: Rick Clyde Forensic Examiner rick.clyde@cwcsecurity.com M: (402) 709-6064 Chris Hoke Principal and Owner

More information

Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements

Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements 9 April 2013 Facilitator: Dr. Sheau-Dong Lang, Coordinator Master of Science in Digital Forensics University

More information

Sufficiency of Windows Event log as Evidence in Digital Forensics

Sufficiency of Windows Event log as Evidence in Digital Forensics Sufficiency of Windows Event log as Evidence in Digital Forensics Nurdeen M. Ibrahim & A. Al-Nemrat, Hamid Jahankhani, R. Bashroush University of East London School of Computing, IT and Engineering, UK

More information

Developing Computer Forensics Solutions for Terabyte Investigations

Developing Computer Forensics Solutions for Terabyte Investigations Developing Computer Forensics Solutions for Terabyte Investigations Eric Thompson Corporation Orem, Utah USA www.accessdata.com Overview Computer Forensic Definition, Objectives and Policies History of

More information

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Cyber Security Training & Consulting Certified Digital COURSE OVERVIEW 5 Days 40 CPE Credits $3,000 Digital is the investigation and recovery of data contained in digital devices. This data is often the

More information

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation

More information

InfoSec Academy Forensics Track

InfoSec Academy Forensics Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

Ten Deadly Sins of Computer Forensics

Ten Deadly Sins of Computer Forensics Ten Deadly Sins of Computer Forensics Cyber criminals take advantage of the anonymity of the Internet to escape punishment. Computer Forensics has emerged as a new discipline to counter cyber crime. This

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

CYBER FORENSICS (W/LAB) Course Syllabus

CYBER FORENSICS (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 CYBER FORENSICS (W/LAB) Course Syllabus Course Number: CSFS-0020 OHLAP Credit: Yes OCAS Code: 8134 Course Length: 130 Hours Career Cluster: Information

More information

CITY UNIVERSITY OF HONG KONG. Information Classification and

CITY UNIVERSITY OF HONG KONG. Information Classification and CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification

More information

Rule 30(b)(6) Depositions in Electronic Discovery. Discovering What There Is to Discover

Rule 30(b)(6) Depositions in Electronic Discovery. Discovering What There Is to Discover : Discovering What There Is to Discover One of the challenges in electronic discovery is identifying the various sources of electronically stored information (ESI) that could potentially be relevant to

More information

To Catch a Thief: Computer Forensics in the Classroom

To Catch a Thief: Computer Forensics in the Classroom To Catch a Thief: Computer Forensics in the Classroom Anna Carlin acarlin@csupomona.edu Steven S. Curl scurl@csupomona.edu Daniel Manson dmanson@csupomona.edu Computer Information Systems Department California

More information

Southern Law Center Law Center Policy #IT0014. Title: Privacy Expectations for SULC Computing Resources

Southern Law Center Law Center Policy #IT0014. Title: Privacy Expectations for SULC Computing Resources Southern Law Center Law Center Policy #IT0014 Title: Privacy Expectations for SULC Computing Resources Authority: Department Original Adoption: 5/7/2007 Effective Date: 5/7/2007 Last Revision: 9/17/2012

More information

Case Study: Mobile Device Forensics in Texting and Driving Cases

Case Study: Mobile Device Forensics in Texting and Driving Cases Case Study: Mobile Device Forensics in Texting and Driving Cases Company Profile McCann Investigations is a full service private investigation firm providing complete case solutions by employing cutting-edge

More information

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure

This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure ICPAK ANNUAL FORENSIC AUDIT CONFERENCE Digital Forensics in Fraud & Corruption Investigations 9 October 2014 Leisure Lodge Hotel, Diani Kenya Faith Basiye, CFE Head Group Forensic Services KCB Banking

More information

WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others

WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE A Guide for University Faculty, Staff, and Others What is a Litigation Hold Notice? Notice from an authorized UW department (Attorney General s Office,

More information

Case Study: Hiring a licensed Security Provider

Case Study: Hiring a licensed Security Provider Case Study: Hiring a licensed Security Provider Company Profile McCann Investigations is a full service private investigation firm providing complete case solutions by employing cutting-edge computer forensics

More information

Incident Response and Forensics

Incident Response and Forensics Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer

More information

TIME SYSTEM SECURITY AWARENESS HANDOUT

TIME SYSTEM SECURITY AWARENESS HANDOUT WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Case study on asset tracing

Case study on asset tracing Recovering Stolen Assets: A Practitioner s Handbook ARNO THUERIG * Case study on asset tracing I. Case study background The client adviser of a Swiss private bank transferred approximately USD 1 million

More information

e-discovery Forensics Incident Response

e-discovery Forensics Incident Response e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

Payment Card Industry (PCI) Policy Manual. Network and Computer Services Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology

More information

Computer Forensic Capabilities

Computer Forensic Capabilities Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,

More information

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.

More information

CERTIFIED DIGITAL FORENSICS EXAMINER

CERTIFIED DIGITAL FORENSICS EXAMINER CERTIFIED DIGITAL FORENSICS EXAMINER KEY DATA Course Title: C)DFE Duration: 5 days CPE Credits: 40 Class Format Options: Instructor-led classroom Live Online Training Computer Based Training Who Should

More information

Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721

Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721 Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721 Electronic Information Security and Data Backup Procedures Date Adopted: 4/13/2012 Date Revised: Date Reviewed: References: Health Insurance Portability

More information

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security and Electronic Communications Acceptable Use Policy (AUP) Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern

More information

'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy

'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy Created: 2/18/2011 Page 1 of 8 'Namgis First Nation is hereinafter referred to as "the government." 1.0 Overview Though there are a number of reasons to provide a user network access, by far the most common

More information

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd. Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

Sensitive Incident Investigations. Digital Risk Management. Forensics Testing.

Sensitive Incident Investigations. Digital Risk Management. Forensics Testing. Sensitive Incident Investigations. Digital Risk Management. Forensics Testing. 2009 Innovation Award Winner Austin Chamber of Commerce 2010 Innovation Award Finalist Austin Chamber of Commerce Only private

More information

Service Monitoring Discrimination. Prohibited Uses and Activities Spamming Intellectual Property Violations 5

Service Monitoring Discrimination. Prohibited Uses and Activities Spamming Intellectual Property Violations 5 WIN reserves the right to prioritize traffic based on real time and non-real time applications during heavy congestion periods, based on generally accepted technical measures. WIN sets speed thresholds

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval

More information

Privacy Data Loss. Privacy Data Loss. Identity Theft. The Legal Issues

Privacy Data Loss. Privacy Data Loss. Identity Theft. The Legal Issues Doing Business in Oregon Under the Oregon Consumer Identity Theft Protection Act and Related Privacy Risks Privacy Data Loss www.breachblog.com Presented by: Mike Porter March 10, 2009 2 Privacy Data Loss

More information

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012 Discovery of Electronically Stored Information ECBA conference Tallinn October 2012 Jan Balatka, Deloitte Czech Republic, Analytic & Forensic Technology unit Agenda Introduction ediscovery investigation

More information

Design and Implementation of Digital Forensics Labs:

Design and Implementation of Digital Forensics Labs: Design and Implementation of Digital Forensics Labs: A Case Study for Teaching Digital Forensics to Undergraduate Students Hongmei Chi, Christy Chatmon, Edward Jones, and Deidre Evans Computer and Information

More information

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu Cloud Forensics Written & Researched by: Maegan Katz & Ryan Montelbano 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu November 4, 2013 Disclaimer: This document

More information

CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS

CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS Chapter 22 CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS April Tanner and David Dampier Abstract Research in digital forensics has yet to focus on modeling case domain information involved in investigations.

More information

Code - A Date Approved: July 24/01

Code - A Date Approved: July 24/01 Page 1 of 10 Date Last Revision: Feb 12/08 POLICY STATEMENT AND PURPOSE The County of Elgin provides employees, elected officials, and other organizations and individuals with access to computer and network

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

Preservation and Production of Electronic Records

Preservation and Production of Electronic Records Policy No: 3008 Title of Policy: Preservation and Production of Electronic Records Applies to (check all that apply): Faculty Staff Students Division/Department College _X Topic/Issue: This policy enforces

More information

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT PRIVACY IMPACT ASSESSMENT Outsourced Litigation Support Services September 2013 FDIC External Service Table of Contents System Overview Personally Identifiable Information (PII) in OLSS Purpose & Use of

More information

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW

More information

CNIT 121: Computer Forensics. 8 Forensic Duplication

CNIT 121: Computer Forensics. 8 Forensic Duplication CNIT 121: Computer Forensics 8 Forensic Duplication Types of Duplication Simple duplication Copy selected data; file, folder, partition... Forensic duplication Every bit on the source is retained Including

More information

HIPAA Awareness Training

HIPAA Awareness Training New York State Office of Mental Health Bureau of Education and Workforce Development HIPAA Awareness Training This training material was prepared for internal use by the New York State Office of Mental

More information

Certified Digital Forensics Examiner (CDFE)

Certified Digital Forensics Examiner (CDFE) Certified Digital Forensics Examiner (CDFE) Secrets To Acing The Exam and Successful Finding And Landing Your Next Certified Digital Forensics Examiner (CDFE) Certified Job 1 2 Write a review to receive

More information

How did Wiki Leaks happen?

How did Wiki Leaks happen? How did Wiki Leaks happen? A disgruntled employee with an agenda goes to work with USB flash drives and copies restricted files off of the server. There is no adequate secure network access and identity

More information

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs The Identity Theft and Fraud Protection Act (Act No. 190) allows for the collection, use

More information

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT PRIVACY IMPACT ASSESSMENT Electronic Litigation Support System June 2012 FDIC Internal System Table of Contents System Overview Personally Identifiable Information (PII) in ELS Purpose & Use of Information

More information

CHFI v8(computer Hacking Forensics Investigator)

CHFI v8(computer Hacking Forensics Investigator) CHFI v8(computer Hacking Forensics Investigator) Course Description & Overview Overview CHFIv8 Course Description EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator

More information

Massachusetts Digital Evidence Consortium. Digital Evidence Guide for First Responders

Massachusetts Digital Evidence Consortium. Digital Evidence Guide for First Responders Massachusetts Digital Evidence Consortium Digital Evidence Guide for First Responders May 2015 Digital Evidence Guide for First Responders - MDEC A Note to the Reader There are an unlimited number of legal

More information

Information Security Handbook for Employees

Information Security Handbook for Employees Information Security Handbook for Employees Providing our patients with excellence in healthcare includes protecting their information This handbook was prepared by Tom Walsh Consulting, LLC for the Kansas

More information

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of computer

More information

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT PRIVACY IMPACT ASSESSMENT Deloitte Forensic Data Capture Services January 2013 FDIC External Service Table of Contents System Overview Personally Identifiable Information (PII) in Deloitte Purpose & Use

More information

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection GUIDANCE SOFTWARE EnCase Portable EnCase Portable Extend Your Forensic Reach with Powerful Triage & Data Collection GUIDANCE SOFTWARE EnCase Portable EnCase Portable Triage and Collect with EnCase Portable

More information

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge skills in computer

More information

Case Study: Smart Phone Deleted Data Recovery

Case Study: Smart Phone Deleted Data Recovery Case Study: Smart Phone Deleted Data Recovery Company profile McCann Investigations is a full service private investigations firm providing complete case solutions by employing cutting-edge computer forensics

More information

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI?

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI? Ricoh Legal Live Data Acquisition: The New Default Standard for Capturing ESI? By David Greetham, National Director of Forensics, Legal Enterprise Solutions Live computer forensic imaging, which is performed

More information

Digital and Cloud Forensics

Digital and Cloud Forensics Digital and Cloud Forensics Stavros Simou Cultural Informatics Laboratory, Department of Cultural Technology and Communication, University of the Aegean, University Hill, GR 81100 Mytilene, Greece ssimou@aegean.gr

More information

Digital Forensics Fundamentals

Digital Forensics Fundamentals Digital Forensics Fundamentals 1 P a g e Table of Contents 1. Overview of Digital Forensics... 3 2. Evaluation of Digital forensic tools... 5 2.1 Encase Digital forensic tool... 5 2.1.1 Benefits with Encase

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S

Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S What is a Litigation Hold Notice? Notice from an authorized department (e.g., Attorney General s Office Torts

More information

Incident Response and Computer Forensics

Incident Response and Computer Forensics Incident Response and Computer Forensics James L. Antonakos WhiteHat Forensics Incident Response Topics Why does an organization need a CSIRT? Who s on the team? Initial Steps Detailed Project Plan Incident

More information

Computer Forensics as an Integral Component of the Information Security Enterprise

Computer Forensics as an Integral Component of the Information Security Enterprise Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,

More information

Asheboro City Schools 1:1 Laptop Handbook for Elementary and Middle Schools

Asheboro City Schools 1:1 Laptop Handbook for Elementary and Middle Schools Asheboro City Schools 1:1 Laptop Handbook for Elementary and Middle Schools Students should use technology and the Internet in an appropriate manner. Technology is an integral part of a student s educational

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information